MGASA-2026-0107 - Updated gvfs packages fix security vulnerabilities

Publication date: 22 Apr 2026
URL: https://advisories.mageia.org/MGASA-2026-0107.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-28295, CVE-2026-28296

Description:
Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses. (CVE-2026-28295)
Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths. (CVE-2026-28296)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35171
- https://lists.opensuse.org/archives/list/

# Security update for gvfs

Announcement ID: SUSE-SU-2026:0960-1
Release Date: 2026-03-23T08:51:00Z
Rating: important

References:

* bsc#1258953
* bsc#1258954

Cross-References:

* CVE-2026-28295
* CVE-2026-28296

CVSS scores:

* CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gvfs fixes the following issues:

* CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953).
* CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-960=1 openSUSE-SLE-15.6-2026-960=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-960=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-960=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-960=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-goa-1.52.2-150600.3.3.1
  * gvfs-backend-afc-1.52.2-150600.3.3.1
  * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-goa-debuginfo-1.52.2-150600.3.3.1
  * gvfs-fuse-1.52.2-150600.3.3.1
  * gvfs-backends-debuginfo-1.52.2-150600.3.3.1
  * gvfs-debugsource-1.52.2-150600.3.3.1
  * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-samba-1.52.2-150600.3.3.1
  * gvfs-backends-1.52.2-150600.3.3.1
  * gvfs-1.52.2-150600.3.3.1
  * gvfs-debuginfo-1.52.2-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
  * gvfs-32bit-debuginfo-1.52.2-150600.3.3.1
  * gvfs-32bit-1.52.2-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
  * gvfs-devel-1.52.2-150600.3.3.1
  * gvfs-lang-1.52.2-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * gvfs-64bit-debuginfo-1.52.2-150600.3.3.1
  * gvfs-64bit-1.52.2-150600.3.3.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-afc-1.52.2-150600.3.3.1
  * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1
  * gvfs-fuse-1.52.2-150600.3.3.1
  * gvfs-backends-debuginfo-1.52.2-150600.3.3.1
  * gvfs-debugsource-1.52.2-150600.3.3.1
  * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-samba-1.52.2-150600.3.3.1
  * gvfs-backends-1.52.2-150600.3.3.1
  * gvfs-1.52.2-150600.3.3.1
  * gvfs-debuginfo-1.52.2-150600.3.3.1
* Desktop Applications Module 15-SP7 (noarch)
  * gvfs-devel-1.52.2-150600.3.3.1
  * gvfs-lang-1.52.2-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-afc-1.52.2-150600.3.3.1
  * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1
  * gvfs-fuse-1.52.2-150600.3.3.1
  * gvfs-backends-debuginfo-1.52.2-150600.3.3.1
  * gvfs-debugsource-1.52.2-150600.3.3.1
  * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-samba-1.52.2-150600.3.3.1
  * gvfs-backends-1.52.2-150600.3.3.1
  * gvfs-1.52.2-150600.3.3.1
  * gvfs-debuginfo-1.52.2-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * gvfs-devel-1.52.2-150600.3.3.1
  * gvfs-lang-1.52.2-150600.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * gvfs-backend-afc-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-afc-1.52.2-150600.3.3.1
  * gvfs-fuse-debuginfo-1.52.2-150600.3.3.1
  * gvfs-fuse-1.52.2-150600.3.3.1
  * gvfs-backends-debuginfo-1.52.2-150600.3.3.1
  * gvfs-debugsource-1.52.2-150600.3.3.1
  * gvfs-backend-samba-debuginfo-1.52.2-150600.3.3.1
  * gvfs-backend-samba-1.52.2-150600.3.3.1
  * gvfs-backends-1.52.2-150600.3.3.1
  * gvfs-1.52.2-150600.3.3.1
  * gvfs-debuginfo-1.52.2-150600.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * gvfs-devel-1.52.2-150600.3.3.1
  * gvfs-lang-1.52.2-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28295.html
* https://www.suse.com/security/cve/CVE-2026-28296.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258953
* https://bugzilla.suse.com/show_bug.cgi?id=1258954

This advisory details important updates for gvfs addressing critical FTP security issues.

SUSE updates, gvfs security, Linux issue resolutions.

Severity: Important.

LinuxSecurity.com Team

==========================================================================
Ubuntu Security Notice USN-8114-1
March 23, 2026

gvfs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GVfs.

Software Description:
- gvfs: Userspace virtual file system

Details:

It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. (CVE-2026-28295)

It was discovered that the GVfs FTP backend incorrectly handled crafted file paths. A remote attacker could use this issue to terminate or inject arbitrary FTP commands, or possibly execute arbitrary code. (CVE-2026-28296)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  gvfs 1.57.2-2ubuntu5.1
  gvfs-backends 1.57.2-2ubuntu5.1

Ubuntu 24.04 LTS
  gvfs 1.54.4-0ubuntu1~24.04.2
  gvfs-backends 1.54.4-0ubuntu1~24.04.2

Ubuntu 22.04 LTS
  gvfs 1.48.2-0ubuntu1.1
  gvfs-backends 1.48.2-0ubuntu1.1

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8114-1
  CVE-2026-28295, CVE-2026-28296

Package Information:
  https://launchpad.net/ubuntu/+source/gvfs/1.57.2-2ubuntu5.1
  https://launchpad.net/ubuntu/+source/gvfs/1.54.4-0ubuntu1~24.04.2
  https://launchpad.net/ubuntu/+source/gvfs/1.48.2-0ubuntu1.1

Multiple security issues in GVfs were resolved for Ubuntu 22.04, 24.04 LTS, and 25.10. Stay secure with updates.

GVfs Security Fix, Ubuntu Security Notice, System Update, Remote Code Execution, Information Disclosure.

Severity: Critical.

LinuxSecurity.com Team

# Security update for gvfs

Announcement ID: SUSE-SU-2026:0923-1
Release Date: 2026-03-18T09:15:48Z
Rating: important

References:

* bsc#1258953
* bsc#1258954

Cross-References:

* CVE-2026-28295
* CVE-2026-28296

CVSS scores:

* CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gvfs fixes the following issues:

* CVE-2026-28295: Fix ftp use control connection address for PASV data (bsc#1258953).
* CVE-2026-28296: Fix ftp reject paths containing CR/LF characters (bsc#1258954).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-923=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-923=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-923=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-923=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-923=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-923=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-923=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-923=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-923=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* openSUSE Leap 15.4 (x86_64)
  * gvfs-32bit-debuginfo-1.48.2-150400.4.9.1
  * gvfs-32bit-1.48.2-150400.4.9.1
* openSUSE Leap 15.4 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * gvfs-64bit-debuginfo-1.48.2-150400.4.9.1
  * gvfs-64bit-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * gvfs-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backend-afc-debuginfo-1.48.2-150400.4.9.1
  * gvfs-fuse-1.48.2-150400.4.9.1
  * gvfs-backend-samba-debuginfo-1.48.2-150400.4.9.1
  * gvfs-backends-1.48.2-150400.4.9.1
  * gvfs-debugsource-1.48.2-150400.4.9.1
  * gvfs-backend-afc-1.48.2-150400.4.9.1
  * gvfs-backend-samba-1.48.2-150400.4.9.1
  * gvfs-devel-1.48.2-150400.4.9.1
  * gvfs-backends-debuginfo-1.48.2-150400.4.9.1
  * gvfs-1.48.2-150400.4.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * gvfs-lang-1.48.2-150400.4.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28295.html
* https://www.suse.com/security/cve/CVE-2026-28296.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258953
* https://bugzilla.suse.com/show_bug.cgi?id=1258954

Critical update for gvfs addresses important ftp issues on SUSE systems. Ensure your installations are secure.

gvfs security patch, suse gvfs update, important gvfs vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

# Security update for gvfs

Announcement ID: SUSE-SU-2026:0916-1
Release Date: 2026-03-18T07:47:02Z
Rating: important

References:

* bsc#1258953
* bsc#1258954

Cross-References:

* CVE-2026-28295
* CVE-2026-28296

CVSS scores:

* CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gvfs fixes the following issues:

* CVE-2026-28295: fixed by using control connection address for PASV data (bsc#1258953).
* CVE-2026-28296: fixed by rejecting paths containing CR/LF characters (bsc#1258954).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-916=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-916=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * gvfs-backends-debuginfo-1.28.3-18.9.1
  * gvfs-debuginfo-1.28.3-18.9.1
  * gvfs-1.28.3-18.9.1
  * gvfs-backend-samba-debuginfo-1.28.3-18.9.1
  * gvfs-backends-1.28.3-18.9.1
  * gvfs-backend-samba-1.28.3-18.9.1
  * gvfs-devel-1.28.3-18.9.1
  * gvfs-fuse-debuginfo-1.28.3-18.9.1
  * gvfs-debugsource-1.28.3-18.9.1
  * gvfs-fuse-1.28.3-18.9.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * gvfs-lang-1.28.3-18.9.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * gvfs-backends-debuginfo-1.28.3-18.9.1
  * gvfs-debuginfo-1.28.3-18.9.1
  * gvfs-1.28.3-18.9.1
  * gvfs-backend-samba-debuginfo-1.28.3-18.9.1
  * gvfs-backends-1.28.3-18.9.1
  * gvfs-backend-samba-1.28.3-18.9.1
  * gvfs-devel-1.28.3-18.9.1
  * gvfs-fuse-debuginfo-1.28.3-18.9.1
  * gvfs-debugsource-1.28.3-18.9.1
  * gvfs-fuse-1.28.3-18.9.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * gvfs-lang-1.28.3-18.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28295.html
* https://www.suse.com/security/cve/CVE-2026-28296.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258953
* https://bugzilla.suse.com/show_bug.cgi?id=1258954

Update for gvfs resolves two important issues affecting SUSE Linux systems. Install now to stay secure and compliant.

SUSE Linux, gvfs, important update, security patch, vulnerability fix.

Severity: Important.

LinuxSecurity.com Team
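
The two mitigations the SUSE descriptions above name (use the control connection address for PASV data; reject paths containing CR/LF characters), sketched in C as an added example. This is not gvfs source code: the function names are hypothetical, and the sample reply and addresses are constructed for illustration.

```c
/* Added illustration, not gvfs source. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* A path is embedded in a control-connection line such as "RETR <path>\r\n".
 * CR or LF inside it would end that command early, so refuse such paths. */
int ftp_path_is_safe(const char *path)
{
    return path != NULL && strpbrk(path, "\r\n") == NULL;
}

/* Write "<verb> <path>\r\n" to out. Returns the length, or -1 if the path
 * is rejected or the command does not fit. */
int ftp_build_command(char *out, size_t outlen, const char *verb, const char *path)
{
    int n;

    if (verb == NULL || !ftp_path_is_safe(path))
        return -1;
    n = snprintf(out, outlen, "%s %s\r\n", verb, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Parse one decimal field of 1-3 digits with value 0..255. */
static int parse_field(const char **s, unsigned *out)
{
    unsigned v = 0;
    int digits = 0;

    while (**s >= '0' && **s <= '9' && digits < 3) {
        v = v * 10 + (unsigned)(**s - '0');
        (*s)++;
        digits++;
    }
    if (digits == 0 || v > 255)
        return -1;
    *out = v;
    return 0;
}

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)". Returns the data port, or -1 on a
 * malformed reply. The data address written to out_addr is always the
 * control connection's peer; h1..h4 from the server are parsed but unused. */
int ftp_pasv_endpoint(const char *reply, const char *control_peer,
                      char *out_addr, size_t addrlen)
{
    unsigned f[6];
    const char *s;
    int i, n, port;

    if (reply == NULL || control_peer == NULL || strncmp(reply, "227", 3) != 0)
        return -1;
    s = strchr(reply, '(');
    if (s == NULL)
        return -1;
    s++;
    for (i = 0; i < 6; i++) {
        if (parse_field(&s, &f[i]) != 0 || *s != (i < 5 ? ',' : ')'))
            return -1;
        s++;
    }
    port = (int)(f[4] * 256 + f[5]);
    if (port == 0)
        return -1;
    n = snprintf(out_addr, addrlen, "%s", control_peer);
    return (n < 0 || (size_t)n >= addrlen) ? -1 : port;
}

int main(void)
{
    /* Constructed sample: the control peer is a documentation address, and
     * the reply names a different host, which must be ignored. */
    char addr[64], cmd[128];
    int port = ftp_pasv_endpoint("227 Entering Passive Mode (10,0,0,5,195,80)",
                                 "203.0.113.7", addr, sizeof addr);

    printf("data connection -> %s:%d\n", port > 0 ? addr : "(rejected)", port);
    printf("plain path: %d\n", ftp_build_command(cmd, sizeof cmd, "RETR", "/pub/file.txt"));
    printf("CRLF path:  %d\n", ftp_build_command(cmd, sizeof cmd, "RETR", "/pub/a\r\nNOOP"));
    return 0;
}
```
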

# gvfs-1.58.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10275-1
Rating: moderate

Cross-References:

* CVE-2026-28295
* CVE-2026-28296

CVSS scores:

* CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gvfs-1.58.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * gvfs 1.58.2-1.1
  * gvfs-backend-afc 1.58.2-1.1
  * gvfs-backend-goa 1.58.2-1.1
  * gvfs-backend-gphoto 1.58.2-1.1
  * gvfs-backend-samba 1.58.2-1.1
  * gvfs-backends 1.58.2-1.1
  * gvfs-fuse 1.58.2-1.1
  * gvfs-lang 1.58.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28295.html
* https://www.suse.com/security/cve/CVE-2026-28296.html

Two vulnerabilities resolved in gvfs update for openSUSE Tumbleweed. Install to enhance system security and stability.

openSUSE Tumbleweed, gvfs security, software update, system vulnerabilities.

LinuxSecurity.com Team

# Security update for gvfs

Announcement ID: SUSE-SU-2024:2681-1
Rating: moderate

References:

* bsc#1137930

Cross-References:

* CVE-2019-12795

CVSS scores:

* CVE-2019-12795 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2019-12795 ( SUSE ): 5.9 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2019-12795 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gvfs fixes the following issues:

* CVE-2019-12795: Fixed attack via local D-Bus method calls (bsc#1137930)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-2681=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2681=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2681=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2681=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * gvfs-devel-1.28.3-18.6.1
  * gvfs-debugsource-1.28.3-18.6.1
  * gvfs-debuginfo-1.28.3-18.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * gvfs-backend-samba-1.28.3-18.6.1
  * gvfs-backends-1.28.3-18.6.1
  * gvfs-debugsource-1.28.3-18.6.1
  * gvfs-1.28.3-18.6.1
  * gvfs-backend-samba-debuginfo-1.28.3-18.6.1
  * gvfs-debuginfo-1.28.3-18.6.1
  * gvfs-backends-debuginfo-1.28.3-18.6.1
  * gvfs-fuse-1.28.3-18.6.1
  * gvfs-fuse-debuginfo-1.28.3-18.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * gvfs-lang-1.28.3-18.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * gvfs-backend-samba-1.28.3-18.6.1
  * gvfs-backends-1.28.3-18.6.1
  * gvfs-debugsource-1.28.3-18.6.1
  * gvfs-1.28.3-18.6.1
  * gvfs-backend-samba-debuginfo-1.28.3-18.6.1
  * gvfs-debuginfo-1.28.3-18.6.1
  * gvfs-backends-debuginfo-1.28.3-18.6.1
  * gvfs-fuse-1.28.3-18.6.1
  * gvfs-fuse-debuginfo-1.28.3-18.6.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * gvfs-lang-1.28.3-18.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * gvfs-backend-samba-1.28.3-18.6.1
  * gvfs-backends-1.28.3-18.6.1
  * gvfs-debugsource-1.28.3-18.6.1
  * gvfs-1.28.3-18.6.1
  * gvfs-backend-samba-debuginfo-1.28.3-18.6.1
  * gvfs-debuginfo-1.28.3-18.6.1
  * gvfs-backends-debuginfo-1.28.3-18.6.1
  * gvfs-fuse-1.28.3-18.6.1
  * gvfs-fuse-debuginfo-1.28.3-18.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * gvfs-lang-1.28.3-18.6.1

## References:

* https://www.suse.com/security/cve/CVE-2019-12795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1137930

New security notice regarding Gvfs for SUSE installations has been issued to address a local exploitation risk. Severity: medium. Please implement the patches immediately!

gvfs security advisory, SUSE Linux patches, moderate security updates, D-Bus vulnerability, local attack fix.

Severity: Important.

LinuxSecurity.com Team

CentOS Errata and Security Advisory 2018:3140 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2018:3140

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr,#